In our previous article “AWS Lightsail – How to install free SSL in Lightsail instance?”, we discussed installing a free SSL certificate from Let’s Encrypt. If everything goes fine, you can access your website using HTTPS. Otherwise, you will see the error below. In this article, we will discuss fixing this issue.
Your connection is not private
Attackers might be trying to steal your information from my-example.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
Help improve Safe Browsing by sending some system information and page content to Google. Privacy policy
This server could not prove that it is my-example.com; its security certificate is not trusted by your computer’s operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.
This error is mainly caused by a problem with the generated certificate files. Either the certificate files were not installed properly, or they were accidentally deleted from the system.
How to find where the Certificate files are located?
When you install the SSL certificate, Certbot generates an SSL certificate and the associated private key. They are located at the following paths:
/etc/letsencrypt/live/my-example.com/fullchain.pem
/etc/letsencrypt/live/my-example.com/privkey.pem
fullchain.pem is the certificate file and privkey.pem is the private key file.
When the web server (in this case Apache) serves your website, it checks whether any certificates are available for the secured transfer.
Usually, Apache reads the certificate and key from the following location:
/opt/bitnami/apache2/conf/server.crt
/opt/bitnami/apache2/conf/server.key
Verify whether the installed certificates (the Let’s Encrypt certificate files) are already in place at this location. If not, put them there.
Before that, take a backup of the existing certificates. Here are the commands:
root@:/opt/bitnami# mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/serverkey.bak
root@:/opt/bitnami# mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/servercrt.bak
Instead of copying the Let’s Encrypt certificate files into the location where Apache picks up the certificates, we create symbolic links that point to the Let’s Encrypt certificates. This way the certificates do not have to be copied again whenever they are renewed. Usually, Let’s Encrypt’s free certificates are valid for 3 months. After that, we need to renew them to get new certificates.
Below are the commands to create the symbolic links. Replace “my-example.com” with your domain name.
root@:/opt/bitnami# sudo ln -s /etc/letsencrypt/live/my-example.com/fullchain.pem /opt/bitnami/apache2/conf/server.crt
root@:/opt/bitnami# sudo ln -s /etc/letsencrypt/live/my-example.com/privkey.pem /opt/bitnami/apache2/conf/server.key
Once these are updated, you must restart the Apache web server so that it picks up the certificates. Here is the command:
root@:/opt/bitnami# sudo /opt/bitnami/ctlscript.sh restart apache
Once done, verify whether your site can be accessed securely. This time you should be able to access the site using HTTPS.
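To check the result from the server side as well, the following script is an added example (not part of the original article) that verifies the symbolic links, confirms that the certificate and private key belong together, and warns about upcoming expiry. The paths default to the ones used above; the function names and the script file name are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): checks the layout after the fix.
# DOMAIN, LE_DIR and APACHE_CONF default to the article's paths; the function
# names are hypothetical. Run as root so privkey.pem is readable.
DOMAIN="${DOMAIN:-my-example.com}"
LE_DIR="${LE_DIR:-/etc/letsencrypt/live/$DOMAIN}"
APACHE_CONF="${APACHE_CONF:-/opt/bitnami/apache2/conf}"

# True if $1 is a symlink that resolves to the same real file as $2.
# Both sides are resolved because certbot's live/ entries are symlinks too.
points_to() {
    [ -L "$1" ] && [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]
}

# True if the public key in certificate $1 equals the one derived from key $2.
# For a chain file, openssl reads the first (leaf) certificate.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

check_install() {
    rc=0
    crt="$APACHE_CONF/server.crt"; key="$APACHE_CONF/server.key"
    points_to "$crt" "$LE_DIR/fullchain.pem" ||
        { echo "FAIL: server.crt is not a link to fullchain.pem"; rc=1; }
    points_to "$key" "$LE_DIR/privkey.pem" ||
        { echo "FAIL: server.key is not a link to privkey.pem"; rc=1; }
    cert_matches_key "$crt" "$key" ||
        { echo "FAIL: certificate and private key do not match"; rc=1; }
    # -checkend N fails if the certificate expires within N seconds (30 days).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "WARN: certificate expires within 30 days, is expired or unreadable"; rc=1; }
    # Show who issued the certificate Apache will serve, and until when.
    openssl x509 -in "$crt" -noout -issuer -enddate 2>/dev/null
    return "$rc"
}

# Only touch the real paths when asked to, e.g. ./check-cert.sh --run
# (the file name is hypothetical).
if [ "${1:-}" = "--run" ]; then
    check_install
fi
```

Set DOMAIN to your own domain before running it; a non-zero exit status means at least one check failed.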
We will discuss more topics in my upcoming Articles.
[..] David